Lucene search

K

Communications Pricing Design Center Security Vulnerabilities - CVSS Score 9 - 10

cve
cve

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

9.8CVSS

9.5AI Score

0.874EPSS

2017-04-17 09:59 PM
464
3
cve
cve

CVE-2019-17195

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

9.8CVSS

9.2AI Score

0.012EPSS

2019-10-15 02:15 PM
242
9
cve
cve

CVE-2020-17530

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.

9.8CVSS

9.6AI Score

0.973EPSS

2020-12-11 02:15 AM
1217
In Wild
66
cve
cve

CVE-2021-3177

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf ...

9.8CVSS

9.3AI Score

0.031EPSS

2021-01-19 06:15 AM
1897
59